05-06-2007 11:25 PM - edited 03-03-2019 04:51 PM
is it true aaa authorization command level will only check tacacs server and check only associated with user. using aaa authorization must require the aaa authentication login because that is how acs know how to associate the user and command he/she allowed to execute. in other words by using only aaa authorization will confuse the router. tx for answering :)
Solved! Go to Solution.
05-06-2007 11:36 PM
AAA authentication is required for authorising a user from tacacs with a certain privilge level.
This can be done in 2 ways.
Define the Shell privilge level for each user in TACACS and have the commands for the that privilege level locally on every device.
Second and the recommended method is use shell authorization sets in TACACS. In this case the privilege level is set to 15 but the command are limited to what you have configured on the shell authorization sets.
Have a look at the attachment
HTH, rate if it does
Narayan
05-06-2007 11:36 PM
AAA authentication is required for authorising a user from tacacs with a certain privilge level.
This can be done in 2 ways.
Define the Shell privilge level for each user in TACACS and have the commands for the that privilege level locally on every device.
Second and the recommended method is use shell authorization sets in TACACS. In this case the privilege level is set to 15 but the command are limited to what you have configured on the shell authorization sets.
Have a look at the attachment
HTH, rate if it does
Narayan
05-06-2007 11:50 PM
Hi Narayan,
Definitely deserves rating :)
BR,
Mohammed Mahmoud.
05-18-2007 04:09 AM
Mohammed,
Can you share your email address.
Narayan
05-18-2007 06:38 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide